'Proceed' event may not always be logged to the console's event viewer

  • Article ID: 114440
  • Updated: 01 Dec 2011

Issue

Proceed events are not always reported to the console (in the event viewer) when a web page in a category set to 'Warn' is accessed by a user and they proceed through the warning.

Pages accessed via HTTPS do not display 'Warn' or 'Block' pages to the end user. Web pages accessed via HTTPS and categorized to 'Warn' will automatically 'Proceed'.

First seen in

Sophos Endpoint Security and Control 10.0

Cause

There are two possible causes for this issue:
  1. Accessing an HTTPS webpage via a browser that does not support SNI will send a 'warn' event to the console, but no 'proceed' event.
  2. Accessing an HTTPS webpage via an IP address (rather than a Domain Name URI) on a browser that supports SNI will send a 'warn' event to the console but not a 'proceed' event.

Sophos' LSP component needs the web browser to support SNI (Server Name Indication). For example, Internet Explorer on XP does not support SNI. The web page must also be accessed via a DNS name to generate an event.

What To Do

To avoid this problem, we recommend that you use a browser that supports SNI and, if possible, access the web page via a DNS name.

We may look into improving this limitation in a future product release.

 
If you need more information or guidance, then please contact technical support.
